Vulnerabilities > Gnome
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-18 | CVE-2018-19358 | Unspecified vulnerability in Gnome Gnome-Keyring GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. | 7.8 |
| 2018-11-18 | CVE-2008-7320 | Credentials Management vulnerability in Gnome Seahorse GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. | 6.8 |
| 2018-10-29 | CVE-2018-18718 | Double Free vulnerability in multiple products An issue was discovered in gThumb through 3.6.2. | 7.8 |
| 2018-09-04 | CVE-2018-16429 | Out-of-bounds Read vulnerability in multiple products GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). | 7.5 |
| 2018-09-04 | CVE-2018-16428 | NULL Pointer Dereference vulnerability in multiple products In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. | 9.8 |
| 2018-08-24 | CVE-2018-15120 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences. | 6.5 |
| 2018-08-14 | CVE-2018-14424 | Use After Free vulnerability in Gnome Display Manager The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution. | 7.8 |
| 2018-07-26 | CVE-2017-12164 | Improper Initialization vulnerability in Gnome Display Manager 3.24.1 A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. | 6.4 |
| 2018-07-26 | CVE-2018-10900 | OS Command Injection vulnerability in multiple products Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. | 7.8 |
| 2018-07-20 | CVE-2016-10727 | Information Exposure vulnerability in multiple products camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | 9.8 |